Getting Data In

Anonymize only Child Nodes

jmaguire1992
Explorer

Hello,
I was wondering could anyone help me figure out the sed script required and regex to Anonymize child nodes from xml - The difficulty seems to be due to the fact each node takes it's own line within splunk rather than usual single line <testfield> 123 </testfield>. Here is an example of how it appears:

<userDetails> 
<name> 
<testfield> 
123
</testfield> 
</name>
</userDetails>

And the appearance I would want would be something like:

<userDetails> 
 <name> 
 <testfield> 
 xxxx
 </testfield>
 </name>
 </userDetails>

Any help would be great with this - thank you.

James

0 Karma
1 Solution

jmaguire1992
Explorer

I figured it out - Here is the answer for anyone who might need it.

 SEDCMD-testdata_anonymizer = s/(.*)<testfield>[\s\S]*?<\/testfield>.*/\1 <testfield>xxxx<\/testfield>/g

View solution in original post

0 Karma

jmaguire1992
Explorer

I figured it out - Here is the answer for anyone who might need it.

 SEDCMD-testdata_anonymizer = s/(.*)<testfield>[\s\S]*?<\/testfield>.*/\1 <testfield>xxxx<\/testfield>/g
0 Karma
Get Updates on the Splunk Community!

What’s new on Splunk Lantern in August

This month’s Splunk Lantern update gives you the low-down on all of the articles we’ve published over the past ...

Welcome to the Future of Data Search & Exploration

You have more data coming at you than ever before. Over the next five years, the total amount of digital data ...

This Week's Community Digest - Splunk Community Happenings [8.3.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...